DETAILED ACTION
Response to Amendment 

1. The Applicant's amendment, filed 02 June 2008, has been received, entered into
the record, and respectfully and carefully considered.

2. As a result of the amendment, claims 1, 4 and 5 have been amended. Claims 6-20
have been canceled. Claims 1-5 are now presented for examination.

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

4. Claims 1-5 are rejected under 35 U.S.C. 102(e) as being anticipated by Wood et 
al. (U.S. Patent No. 6,609,198) 

As per claim 1, Wood et al. discloses a method, comprising: 
Receiving a form at a client, wherein the form requests that a first password be 
submitted to a server ("...obtaining a first credential for a client entity and 
authenticating the client entity thereby..." - e.g. col. 3, lines 15-16 and col. 18, lines 62- 
64. Please note first credential corresponds to Applicant's first password) 

determining whether the first password is restricted to a set of pages wherein the 
determining further comprises in response to each of the pages in the set being 
retrieved from the server ("a gatekeeper with an authorization interface for determining 
whether a first authenticated credential associated with client entity and session is
consistent with a trust level requirement for a target information resource and, if so, 
proxying an access thereto and" - e.g. col. 4, lines 8-12), determining whether at least 
one of the pages in the set comprises a meta tag that includes password restriction 
control information that specifies an address of a domain and restriction of password 
submission to within the domain ("a gatekeeper with an authorization interface for 
determining whether a first authenticated credential associated with client entity and 
session is consistent with a trust level requirement for a target information resource 
and, if so, proxying an access thereto and" - e.g. col. 4, lines 8-12 and "...redirect from
gatekeeper/entry handler component 110. Note that in configurations in which the
security architecture controls access to resources in several domains, care should be 
exercised to select a tag or tags for the cookie such that it will be provided through 
normal operation of the browser in subsequent accesses to any of the several 
domains. Persons of ordinary skill in the art will appreciate suitable tagging 
techniques..." - e.g. col. 11, lines 17-29. Please note tag corresponds to Applicant's
meta tag), wherein the pages in the set are interpreted and displayed at the client after 
being retrieved from the server ("User 301 interacts with browser 302 to place an order 
with order management service 312. An application security framework 303 receives 
an access request including the order and, operating in conjunction with a variety of 
other services, provides a single sign-on facility substantially as described above. If 
the order does not include a session token or cannot be otherwise associated with 
corresponding valid session credentials, then session credentials are obtained..." -
e.g. col. 17, lines 26-51 and fig. 3A-3D);

if the first password is restricted to the set of pages, denying submission of 
the first password outside the set of pages, wherein the first password is allowed to be 
submitted to the server that originated the set of pages and if the first password is not 
restricted to the set of pages, allowing submission of the password outside the set of 
pages ("...accessing a first of plural information resources, and if the client entity is 
sufficiently authenticated for access to a second of the information resources, 
accessing the second information resource. Otherwise, a second credential for the 
client entity is obtained and the client entity is authenticated thereby. The second 
credential sufficiently authenticates the client entity for access to the second 
information resource and thereafter the second information resource is accessed..." - 
e.g. col. 3, lines 13-28); 

denying submission of a second password inside the set of pages if the 
second password was previously submitted outside the set of pages, allowing 
submission of the second password inside the set of pages if the second password 
was not previously submitted outside the set of pages ("...The information resources 
have individualized authentication requirements... The common log-on service 
obtains a first credential for the client entity... In response to an access request
requiring a second authentication level... the common log-on service obtains a second 
credential..." - e.g. col. 3, line 54 - col. 4, line 20 and "...a salary tool is accessible 
only from with a company's internal network. No level of authentication trust may be 
sufficient to access such a tool from outside company network. To facilitate
implementation of such a security policy, authorization component 40 could refuse 
access based on environment parameters indicating a session originating outside the 
company's internal network" - e.g. col. 6, lines 44-52); and 

if the at least one of the pages in the set comprises the password 
restriction control information that specifies the address of the domain and the 
restriction of the password submission to within the domain, saving the address of the 
domain and saving an indication that password use is to be restricted for all the pages 
in the domain ("...Person with ordinary skill in the art will appreciate suitable tagging 
techniques, including the use of multiple cookies..." - e.g. col. 11, lines 27-29 and
"...Typically, aspects of session state are represented... and a session token... session
token or cookie. In general, a variety of facilities such as cookies, can be used to
maintain state across a series of protocol interactions, such as HTTP transaction..." -
e.g. col. 9, lines 12-28 and col. 10, line 56 - col. 11, line 16. Please note cookies are
used for authentication, session tracking (state maintenance), and maintaining
specific information about users and allowing users to log in to a website. Users
typically log in by inserting their credentials into a login page; cookies allow the server to
know that the user is already authenticated, and therefore is allowed to access services
or perform operations that are restricted to logged-in users. This is the method
commonly used by many sites that allow logging in, such as Yahoo!).

As per claim 2, Wood et al. discloses a method as applied above in claim 1.
Wood et al. further discloses wherein the set of pages comprise all pages within the 
domain ("...sun.com..." - e.g. col. 13, lines 37-41). 

As per claim 3, Wood et al. discloses a method as applied above in claim 1.
Wood et al. further discloses wherein the set of pages comprises a single page ("...html
form..." - e.g. col. 16, lines 39-42, "...login page (e.g., HTML)..." - e.g. col. 11, line 65
and "...a salary tool is accessible only from a company's internal network..." - e.g. col. 6, 
lines 45-49). 

As per claim 4, Wood et al. discloses a method as applied above in claim 1.
Wood et al. further discloses presenting a dialog at the client, wherein the dialog allows
a user to specify an address of a domain for which password submission is to be
restricted ("...presenting an URL to gatekeeper/entry handler component 110..." - e.g.
col. 7, line 36 - col. 8, line 15).

As per claim 5, Wood et al. discloses a method as applied above in claim 1.
Wood et al. further discloses presenting a dialog at the client, wherein the dialog allows
a user to specify an address of a single page for which password submission is to be
restricted (e.g. col. 6, lines 45-49 and col. 7, line 66 - col. 8, line 3).

Conclusion

5. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. (See PTO-892)

Contact Information 
Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to APRIL Y. SHAN whose telephone number is (571) 270-1014.
The examiner can normally be reached on Monday - Friday, 8:00 a.m. - 5:00
p.m., EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 



Application/Control Number: 10/798,909 Page 8 

Art Unit: 2135 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/April Y Shan/ 
Examiner, Art Unit 2135 



/KimYen Vu/ 
Supervisory Patent Examiner, Art Unit 2135 



